# Add Azure Permissions

To use Tag Manager to add tags to Azure resources, you must first grant permissions in the console to add and remove tags.

①  Log in to the Azure Portal and go to the Subscriptions page.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeWGDAR-JCgHe8vOb-J5AT2B0B3-8I7F4di-VvabF_EmHFYvZN4XQ1OELSFRQXg2Lrayr0iCFft-1zHOdQA31OIBkTPuzx3Vpqv-KIJ_dW23qtOd8mjs2xYk4icAt5VPb5jQi5C0g?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

② Click on the subscription name.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXd12FlOlZjO6BcYNQDPs3UVC2d9QstS4EMHEdjsdiaGC6d3Ajrm0SVGck77Di4w_O4Bkdq5Ee7NzKleDyysM_yPDvyDQOwWsIFi_mr7hUNqHo6XEwtP9T9kMp66yi_3hE0wRQXRJg?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

③ In the left menu, click **Access Control (IAM)**, then click the **\[+ Add]** button at the top left and select Add custom role.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdJ0_R3u7ZyyfbxLJwWRE2wt3aIGRA7r-wLDntNE1l0lEnVbkJfL1ncYuHjwce2uVa0o1NJZ3VQOEysxilKWOrPW4f-W0bmNfoWiiP0YhXnUjOvJ2r-lZ1hg7tsiZMc5J3eQ3WRrQ?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

④ Enter a name for the custom role, then leave the baseline permission setting as the default, start from scratch

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeATneY8-YRKU9nO-a5NDvMySiPkC-fB78rzvx5uidw5RZIcv_wtQ2guTYYNzaj7FR2Bn0LsPx7s5KUnRvdWm16mRTc1soy-oXGOAkk3nWYLaAA_hIvANG6vQkN6l4-NrEljhlL?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

⑤ In the JSON tab, click the **\[Edit]** button at the top right and copy the code below and paste it under this section: "actions": \[paste code here].

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfDYbBCESORtLwA5s2DYVQzoHNvfvzegg-9dXZo0yB-0U1SDKkgR6HB-iREW7tqxzTPEg55tCK3yOr8qvkf0EWsOAAofrvowCo3aD39mqGZCpl2ri1bjDobZ3ocW1FRIDOAUL_oqA?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

⑥ Click the **\[Save]** button at the top right, then click **\[Review + Create]** at the bottom left.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdYoY8AQGFNTT8ASpllyjh4kZTXtXvszJ4BSA7h1NmdunOU20NQvy-tQAs8lbAlikLq2043Ft3JZK_almVPFjJYUKt9X7jw93rJ3DfKkyN--b9B5-K8G24f5m7MZn_k8RrVrAazDA?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

⑦  Back in the **Access Control (IAM)** page, click the \[**+ Add]** button at the top left and select Add role assignment.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXf0TgKr1Zwqbrggi4tmPG3nj5YGJke0M5xWwZfPCV61smU6hsE_mP4ST_iHP8VRTNTq2t5AY018oRdEyGdvirbP56fopcW0s3yH4BNVlOeSpyUwqX8NraG7SsF8sV9ah5z0aZqr4Q?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

⑧  In the Role tab, search for and select the role you just created, then click the **\[Next]** button at the bottom right.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXdTh1UKMb8XBKzBqCfG5n944sdzbGFt58NTIFwyRD0u-0zQsQoWzvMWytxZZAxRNRoyRpLlE9NR7oIw2VxrfYPU1XEdiOcmGrA5Lp-sxRvDQcNiSyzQyRQwautN3Qvk1MDs8KuCQw?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

⑨ In the Members tab, choose User, Group, or Service Principal under **Assign access**. Then click the **+ Select members** button, choose the app you want to apply the custom role to from the panel on the right, and click **\[Select]**.&#x20;

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfEmwFA-JvkvTowjDrypNyHoiRFROaDfA8wbfMg6RU4r--VdbWY6PRaQ5EcIZ4diaulGBw9NhbQ42vIbmCArAqvvKF7GEG6PGqZ2dx_qGogXZHtGnZAJfRmrMAXdLn28JYNKYiyZQ?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

⑩ In the Review + Assign screen, click the **\[Review + Assign]** button at the bottom left.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXf-Qpmy2z4Zc9e3zDDTKsZ2LOI28Mqqe67pB0tgsTNi8SKkUracCZykxwAO7IfCJTLcPcrY-kqVbm3ksaAUUIB862grhGQqc6K_hMekaYJhkGfkpb0t845_irxKC84O6xo21Z70Ew?key=e_Gq3bYQ77Dv5LAi74brjA" alt=""><figcaption></figcaption></figure>

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsnow.io/opsnow-user-guide-v0.2/menu/tag-manager/tag-explorer-tab/add-azure-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.